Credentials Hunting
▲ 129 r/oscp+7 crossposts

Credentials Hunting

Built a small credential-hunting tool for authorized post-exploitation enumeration on Windows and Linux.

https://github.com/NeCr00/Credential-Hunting

The idea is simple: after gaining access to a host, the tool helps identify hardcoded reusable credentials that may support privilege escalation or lateral movement. It focuses on passwords and host-access credentials, not generic API tokens.

It runs in phases:

  1. OS-specific checks
  2. Credential databases and known credential files
  3. Suspicious filename discovery
  4. Broad filetype content scanning

The goal is to make credential discovery faster, cleaner, and less noisy during HTB-style labs, CTFs, and real-world authorized pentests.

Would love feedback from other pentesters on detection logic, false-positive reduction, and useful locations/filetypes to include.

u/Necrowtf — 9 days ago

Credentials Hunting

Built a small credential-hunting tool for authorized post-exploitation enumeration on Windows and Linux.

https://github.com/NeCr00/Credential-Hunting

The idea is simple: after gaining access to a host, the tool helps identify hardcoded reusable credentials that may support privilege escalation or lateral movement. It focuses on passwords and host-access credentials, not generic API tokens.

It runs in phases:

  1. OS-specific checks
  2. Credential databases and known credential files
  3. Suspicious filename discovery
  4. Broad filetype content scanning

The goal is to make credential discovery faster, cleaner, and less noisy during HTB-style labs, CTFs, and real-world authorized pentests.

Would love feedback from other pentesters on detection logic, false-positive reduction, and useful locations/filetypes to include.

reddit.com
u/Necrowtf — 1 month ago

Credentials Hunting

Built a small credential-hunting tool for authorized post-exploitation enumeration on Windows and Linux.

https://github.com/NeCr00/Credential-Hunting

The idea is simple: after gaining access to a host, the tool helps identify hardcoded reusable credentials that may support privilege escalation or lateral movement. It focuses on passwords and host-access credentials, not generic API tokens.

It runs in phases:

  1. OS-specific checks
  2. Credential databases and known credential files
  3. Suspicious filename discovery
  4. Broad filetype content scanning

The goal is to make credential discovery faster, cleaner, and less noisy during HTB-style labs, CTFs, and real-world authorized pentests.

Would love feedback from other pentesters on detection logic, false-positive reduction, and useful locations/filetypes to include.

reddit.com
u/Necrowtf — 1 month ago
▲ 13 r/blackhat+3 crossposts

Built a small transparent bridge NAC bypass utility for internal red team engagements and lab research.

The idea is simple: place a Linux host (like a Raspberry Pi) inline between a workstation and switch, preserve the authenticated connection, and allow the operator box to pivot traffic through the victim’s access transparently while keeping the workstation online.

Therefore, you can inject and receive traffic on the network without tracing your footprint

Github Project Link

u/Necrowtf — 20 days ago